VYPR
← All advisories
Unrated severityNVD Advisory· Published Oct 30, 2025· Updated Apr 15, 2026

CVE-2025-40089

CVE-2025-40089

Description

In the Linux kernel, the following vulnerability has been resolved:

cxl/features: Add check for no entries in cxl_feature_info

cxl EDAC calls cxl_feature_info() to get the feature information and if the hardware has no Features support, cxlfs may be passed in as NULL.

[ 51.957498] BUG: kernel NULL pointer dereference, address: 0000000000000008 [ 51.965571] #PF: supervisor read access in kernel mode [ 51.971559] #PF: error_code(0x0000) - not-present page [ 51.977542] PGD 17e4f6067 P4D 0 [ 51.981384] Oops: Oops: 0000 [#1] SMP NOPTI [ 51.986300] CPU: 49 UID: 0 PID: 3782 Comm: systemd-udevd Not tainted 6.17.0dj test+ #64 PREEMPT(voluntary) [ 51.997355] Hardware name: [ 52.009790] RIP: 0010:cxl_feature_info+0xa/0x80 [cxl_core]

Add a check for cxlfs before dereferencing it and return -EOPNOTSUPP if there is no cxlfs created due to no hardware support.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A NULL pointer dereference in the Linux kernel's CXL feature info handler can be triggered when hardware lacks CXL Features support, leading to a system crash.

Vulnerability

Overview

CVE-2025-40089 is a NULL pointer dereference vulnerability in the Linux kernel's CXL (Compute Express Link) subsystem. The bug resides in the cxl_feature_info() function within the cxl_core module. When the CXL EDAC driver calls this function to retrieve feature information, the function does not check whether the cxlfs pointer is NULL before dereferencing it. If the hardware does not support CXL Features, cxlfs may be passed as NULL, leading to a kernel NULL pointer dereference and an Oops [1].

Exploitation

An attacker with local access and the ability to trigger the CXL EDAC driver's interaction with hardware that lacks CXL Features support can cause the kernel to crash. The crash manifests as a BUG with a NULL pointer dereference at address 0x0000000000000008, as shown in the kernel log [1]. No special privileges beyond the ability to load or trigger the CXL EDAC driver are required, but the attack surface is limited to systems with CXL hardware that does not support the Features capability.

Impact

Successful exploitation results in a denial of service (system crash) due to a kernel panic. The vulnerability does not allow for privilege escalation or data corruption, but it can cause system instability and downtime.

Mitigation

The fix adds a check for cxlfs before dereferencing it and returns -EOPNOTSUPP if no CXL Features support is detected. The patch has been applied to the Linux kernel stable tree [1]. Users should update their kernel to a version containing this fix.

References
  1. Making sure you're not a bot!

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

2
b8a69e3b1a46
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit
a375246fcf2b
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.gitvia osv
commit

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

2

News mentions

0

No linked articles in our index yet.